]>
Commit | Line | Data |
---|---|---|
df54106a SH |
1 | /* pam-cgfs |
2 | * | |
3 | * Copyright © 2016 Canonical, Inc | |
4 | * Author: Serge Hallyn <serge.hallyn@ubuntu.com> | |
5 | * | |
6 | * When a user logs in, this pam module will create cgroups which | |
7 | * the user may administer, for all controllers except name=systemd, | |
8 | * or for any controllers listed on the command line (if any are | |
9 | * listed). | |
10 | * | |
11 | * The cgroup created will be "user/$user/0" for the first session, | |
12 | * "user/$user/1" for the second, etc. | |
13 | * | |
14 | * All requested cgroups must be mounted under /sys/fs/cgroup/$controller, | |
15 | * no messing around with finding mountpoints. | |
16 | * | |
17 | * See COPYING file for details. | |
18 | */ | |
19 | ||
20 | #include <stdio.h> | |
21 | #include <stdlib.h> | |
22 | #include <unistd.h> | |
23 | #include <syslog.h> | |
24 | #include <stdarg.h> | |
25 | #include <errno.h> | |
26 | #include <sys/mount.h> | |
27 | #include <sys/types.h> | |
28 | #include <sys/stat.h> | |
29 | #include <sys/param.h> | |
30 | #include <pwd.h> | |
31 | #include <stdbool.h> | |
32 | #include <dirent.h> | |
33 | ||
34 | #define PAM_SM_SESSION | |
35 | #include <security/_pam_macros.h> | |
36 | #include <security/pam_modules.h> | |
37 | ||
38 | #include <linux/unistd.h> | |
39 | ||
40 | static bool initialized; | |
41 | ||
42 | static void mysyslog(int err, const char *format, ...) | |
43 | { | |
44 | va_list args; | |
45 | ||
46 | va_start(args, format); | |
47 | openlog("PAM-CGFS", LOG_CONS|LOG_PID, LOG_AUTH); | |
48 | vsyslog(err, format, args); | |
49 | va_end(args); | |
50 | closelog(); | |
51 | } | |
52 | ||
53 | static char *must_strcat(const char *first, ...) __attribute__((sentinel)); | |
54 | ||
55 | static char *must_strcat(const char *first, ...) | |
56 | { | |
57 | va_list args; | |
58 | char *dest, *cur, *new; | |
59 | size_t len; | |
60 | ||
61 | do { | |
62 | dest = strdup(first); | |
63 | } while (!dest); | |
64 | len = strlen(dest); | |
65 | ||
66 | va_start(args, first); | |
67 | ||
68 | while ((cur = va_arg(args, char *)) != NULL) { | |
69 | size_t newlen = len + strlen(cur); | |
70 | do { | |
71 | new = realloc(dest, newlen + 1); | |
72 | } while (!new); | |
73 | dest = new; | |
74 | strcat(dest, cur); | |
75 | len = newlen; | |
76 | } | |
77 | va_end(args); | |
78 | ||
79 | return dest; | |
80 | } | |
81 | ||
82 | static bool exists(const char *path) | |
83 | { | |
84 | struct stat sb; | |
85 | int ret; | |
86 | ||
87 | ret = stat(path, &sb); | |
88 | return ret == 0; | |
89 | } | |
90 | ||
91 | static bool is_dir(const char *path) | |
92 | { | |
93 | struct stat sb; | |
94 | ||
95 | if (stat(path, &sb) < 0) | |
96 | return false; | |
97 | if (S_ISDIR(sb.st_mode)) | |
98 | return true; | |
99 | return false; | |
100 | } | |
101 | ||
102 | static bool mkdir_p(const char *root, char *path) | |
103 | { | |
104 | char *b, orig, *e; | |
105 | ||
106 | if (strlen(path) < strlen(root)) | |
107 | return false; | |
108 | if (strlen(path) == strlen(root)) | |
109 | return true; | |
110 | ||
111 | b = path + strlen(root) + 1; | |
112 | while (1) { | |
113 | while (*b && *b == '/') | |
114 | b++; | |
115 | if (!*b) | |
116 | return true; | |
117 | e = b + 1; | |
118 | while (*e && *e != '/') | |
119 | e++; | |
120 | orig = *e; | |
121 | if (orig) | |
122 | *e = '\0'; | |
123 | if (exists(path)) | |
124 | goto next; | |
125 | if (mkdir(path, 0755) < 0) { | |
126 | #if DEBUG | |
127 | fprintf(stderr, "Failed to create %s: %m\n", path); | |
128 | #endif | |
129 | return false; | |
130 | } | |
131 | next: | |
132 | if (!orig) | |
133 | return true; | |
134 | *e = orig; | |
135 | b = e + 1; | |
136 | } | |
137 | ||
138 | } | |
139 | ||
140 | struct controller { | |
141 | struct controller *next; | |
142 | int id; | |
143 | char *name; | |
144 | char *mount_path; | |
145 | char *init_path; | |
146 | }; | |
147 | ||
148 | #define MAXCONTROLLERS 20 | |
149 | static struct controller *controllers[MAXCONTROLLERS]; | |
150 | ||
151 | /* Find the path at which each controller is mounted. */ | |
152 | static void get_mounted_paths(void) | |
153 | { | |
154 | int i; | |
155 | struct controller *c; | |
156 | char *path; | |
157 | ||
158 | for (i = 0; i < MAXCONTROLLERS; i++) { | |
159 | c = controllers[i]; | |
160 | if (!c || c->mount_path) | |
161 | continue; | |
162 | path = must_strcat("/sys/fs/cgroup/", c->name, NULL); | |
163 | if (!exists(path)) { | |
164 | free(path); | |
165 | continue; | |
166 | } | |
167 | while (c) { | |
168 | c->mount_path = path; | |
169 | c = c->next; | |
170 | } | |
171 | } | |
172 | } | |
173 | ||
174 | static bool add_controller(int id, char *tok) | |
175 | { | |
176 | struct controller *c; | |
177 | ||
178 | if ((c = malloc(sizeof(struct controller))) == NULL) | |
179 | return false; | |
180 | c->id = id; | |
181 | if ((c->name = strdup(tok)) == NULL) | |
182 | return false; | |
183 | c->next = controllers[id]; | |
184 | c->mount_path = NULL; | |
185 | c->init_path = NULL; | |
186 | controllers[id] = c; | |
187 | return true; | |
188 | } | |
189 | ||
190 | static void drop_controller(int which) | |
191 | { | |
192 | struct controller *c = controllers[which]; | |
193 | ||
194 | if (c) { | |
195 | free(c->init_path); // all comounts share this | |
196 | free(c->mount_path); | |
197 | } | |
198 | while (c) { | |
199 | struct controller *tmp = c->next; | |
200 | free(c->name); | |
201 | free(c); | |
202 | c = tmp; | |
203 | } | |
204 | controllers[which] = NULL; | |
205 | } | |
206 | ||
207 | static bool single_in_filter(char *c, const char *filter) | |
208 | { | |
209 | char *dup = strdupa(filter), *tok; | |
210 | for (tok = strtok(dup, ","); tok; tok = strtok(NULL, ",")) { | |
211 | if (strcmp(c, tok) == 0) | |
212 | return true; | |
213 | } | |
214 | return false; | |
215 | } | |
216 | ||
217 | static bool controller_in_filter(struct controller *controller, const char *filter) | |
218 | { | |
219 | struct controller *c; | |
220 | ||
221 | for (c = controller; c; c = c->next) { | |
222 | if (single_in_filter(c->name, filter)) | |
223 | return true; | |
224 | } | |
225 | return false; | |
226 | } | |
227 | ||
228 | /* | |
229 | * Passed a comma-delimited list of requested controllers. | |
230 | * Pulls any controllers not in the list out of the | |
231 | * list of controllers | |
232 | */ | |
233 | static void filter_controllers(const char *filter) | |
234 | { | |
235 | int i; | |
236 | for (i = 0; i < MAXCONTROLLERS; i++) { | |
237 | if (!controllers[i]) | |
238 | continue; | |
239 | if (filter && !controller_in_filter(controllers[i], filter)) | |
240 | drop_controller(i); | |
241 | } | |
242 | } | |
243 | ||
244 | #define INIT_SCOPE "/init.scope" | |
245 | static void prune_init_scope(char *cg) | |
246 | { | |
247 | char *point; | |
248 | ||
249 | if (!cg) | |
250 | return; | |
251 | ||
252 | point = cg + strlen(cg) - strlen(INIT_SCOPE); | |
253 | if (point < cg) | |
254 | return; | |
255 | if (strcmp(point, INIT_SCOPE) == 0) { | |
256 | if (point == cg) | |
257 | *(point+1) = '\0'; | |
258 | else | |
259 | *point = '\0'; | |
260 | } | |
261 | } | |
262 | ||
263 | static bool fill_in_init_paths(void) | |
264 | { | |
265 | FILE *f; | |
266 | char *line = NULL; | |
267 | size_t len = 0; | |
268 | struct controller *c; | |
269 | ||
270 | f = fopen("/proc/1/cgroup", "r"); | |
271 | if (!f) | |
272 | return false; | |
273 | while (getline(&line, &len, f) != -1) { | |
274 | int id; | |
275 | char *subsystems, *ip; | |
276 | if (sscanf(line, "%d:%m[^:]:%ms", &id, &subsystems, &ip) != 3) { | |
277 | mysyslog(LOG_ERR, "Corrupt /proc/1/cgroup\n"); | |
278 | fclose(f); | |
279 | return false; | |
280 | } | |
281 | free(subsystems); | |
282 | if (id < 0 || id > 20) { | |
283 | mysyslog(LOG_ERR, "Too many subsystems\n"); | |
284 | free(ip); | |
285 | fclose(f); | |
286 | return false; | |
287 | } | |
288 | if (ip[0] != '/') { | |
289 | free(ip); | |
290 | mysyslog(LOG_ERR, "ERROR: init cgroup path is not absolute!\n"); | |
291 | return false; | |
292 | } | |
293 | prune_init_scope(ip); | |
294 | for (c = controllers[id]; c; c = c->next) | |
295 | c->init_path = ip; | |
296 | } | |
297 | fclose(f); | |
298 | return true; | |
299 | } | |
300 | ||
301 | #if DEBUG | |
302 | static void print_found_controllers(void) { | |
303 | struct controller *c; | |
304 | int i; | |
305 | ||
306 | for (i = 0; i < MAXCONTROLLERS; i++) { | |
307 | c = controllers[i]; | |
308 | if (!c) { | |
309 | fprintf(stderr, "Nothing in controller %d\n", i); | |
310 | continue; | |
311 | } | |
312 | fprintf(stderr, "Controller %d:\n", i); | |
313 | while (c) { | |
314 | fprintf(stderr, " Next mount: index %d name %s\n", c->id, c->name); | |
315 | fprintf(stderr, " mount path %s\n", c->mount_path ? c->mount_path : "(none)"); | |
316 | fprintf(stderr, " init task path %s\n", c->init_path); | |
317 | c = c->next; | |
318 | } | |
319 | } | |
320 | } | |
321 | #else | |
322 | static inline void print_found_controllers(void) { }; | |
323 | #endif | |
324 | /* | |
325 | * Get the list of cgroup controllers currently mounted. | |
326 | * This includes both kernel and named subsystems, so get the list from | |
327 | * /proc/self/cgroup rather than /proc/cgroups. | |
328 | */ | |
329 | static bool get_active_controllers(void) | |
330 | { | |
331 | FILE *f; | |
332 | char *line = NULL, *tok; | |
333 | size_t len = 0; | |
334 | ||
335 | f = fopen("/proc/self/cgroup", "r"); | |
336 | if (!f) | |
337 | return false; | |
338 | while (getline(&line, &len, f) != -1) { | |
339 | int id; | |
340 | char *subsystems; | |
341 | if (sscanf(line, "%d:%m[^:]:", &id, &subsystems) != 2) { | |
342 | mysyslog(LOG_ERR, "Corrupt /proc/self/cgroup\n"); | |
343 | fclose(f); | |
344 | return false; | |
345 | } | |
346 | if (id < 0 || id > 20) { | |
347 | mysyslog(LOG_ERR, "Too many subsystems\n"); | |
348 | free(subsystems); | |
349 | fclose(f); | |
350 | return false; | |
351 | } | |
352 | if (strcmp(subsystems, "name=systemd") == 0) | |
353 | goto next; | |
354 | for (tok = strtok(subsystems, ","); tok; tok = strtok(NULL, ",")) | |
355 | add_controller(id, tok); | |
356 | next: | |
357 | free(subsystems); | |
358 | } | |
359 | fclose(f); | |
360 | ||
361 | get_mounted_paths(); | |
362 | ||
363 | if (!fill_in_init_paths()) { | |
364 | mysyslog(LOG_ERR, "Failed finding cgroups for init task\n"); | |
365 | return false; | |
366 | } | |
367 | ||
368 | print_found_controllers(); | |
369 | ||
370 | initialized = true; | |
371 | ||
372 | return true; | |
373 | } | |
374 | ||
79ab1116 | 375 | static bool cgfs_create_forone(const struct controller *c, uid_t uid, gid_t gid, const char *cg, bool *existed) |
df54106a SH |
376 | { |
377 | while (c) { | |
378 | if (!c->mount_path || !c->init_path) | |
379 | goto next; | |
380 | char *path = must_strcat(c->mount_path, c->init_path, cg, NULL); | |
381 | #if DEBUG | |
382 | fprintf(stderr, "Creating %s for %s\n", path, c->name); | |
383 | #endif | |
384 | if (exists(path)) { | |
385 | free(path); | |
386 | *existed = true; | |
387 | #if DEBUG | |
388 | fprintf(stderr, "%s existed\n", path); | |
389 | #endif | |
390 | return true; | |
391 | } | |
392 | bool pass = mkdir_p(c->mount_path, path); | |
393 | #if DEBUG | |
394 | fprintf(stderr, "Creating %s %s\n", path, pass ? "succeeded" : "failed"); | |
395 | #endif | |
79ab1116 SH |
396 | if (pass) { |
397 | if (chown(path, uid, gid) < 0) | |
398 | mysyslog(LOG_WARNING, "Failed to chown %s to %d:%d: %m\n", | |
399 | path, (int)uid, (int)gid); | |
400 | } | |
df54106a SH |
401 | free(path); |
402 | if (pass) | |
403 | return true; | |
404 | next: | |
405 | c = c->next; | |
406 | } | |
407 | return false; | |
408 | } | |
409 | ||
410 | static void recursive_rmdir(const char *path) | |
411 | { | |
412 | struct dirent *direntp; | |
413 | DIR *dir; | |
414 | ||
415 | dir = opendir(path); | |
416 | if (!dir) | |
417 | return; | |
418 | while ((direntp = readdir(dir))!= NULL) { | |
419 | if (!strcmp(direntp->d_name, ".") || | |
420 | !strcmp(direntp->d_name, "..")) | |
421 | continue; | |
422 | ||
423 | char *dpath = must_strcat(path, "/", direntp->d_name, NULL); | |
424 | if (is_dir(dpath)) { | |
425 | recursive_rmdir(dpath); | |
426 | #if DEBUG | |
427 | fprintf(stderr, "attempting to remove %s\n", dpath); | |
428 | #endif | |
429 | if (rmdir(dpath) < 0) { | |
430 | #if DEBUG | |
431 | fprintf(stderr, "Failed removing %s: %m\n", dpath); | |
432 | #endif | |
433 | } | |
434 | } | |
435 | free(dpath); | |
436 | } | |
437 | ||
438 | closedir(dir); | |
439 | } | |
440 | ||
441 | /* | |
442 | * Try to remove a cgroup in a controller to cleanup during failure. | |
443 | * All mounts of comounted controllers are the same, so we just look | |
444 | * for the first mount which exists, try to remove the directory, and | |
445 | * return. | |
446 | */ | |
447 | static void cgfs_remove_forone(int idx, const char *cg) | |
448 | { | |
449 | struct controller *c = controllers[idx]; | |
450 | char *path; | |
451 | ||
452 | while (c) { | |
453 | if (c->mount_path) { | |
454 | path = must_strcat(c->mount_path, cg, NULL); | |
455 | recursive_rmdir(path); | |
456 | free(path); | |
457 | } | |
458 | c = c->next; | |
459 | } | |
460 | } | |
461 | ||
79ab1116 | 462 | static bool cgfs_create(const char *cg, uid_t uid, gid_t gid, bool *existed) |
df54106a SH |
463 | { |
464 | *existed = false; | |
465 | int i, j; | |
466 | ||
467 | #if DEBUG | |
468 | fprintf(stderr, "creating %s\n", cg); | |
469 | #endif | |
470 | for (i = 0; i < MAXCONTROLLERS; i++) { | |
471 | struct controller *c = controllers[i]; | |
472 | ||
473 | if (!c) | |
474 | continue; | |
475 | ||
79ab1116 | 476 | if (!cgfs_create_forone(c, uid, gid, cg, existed)) { |
df54106a SH |
477 | for (j = 0; j < i; j++) |
478 | cgfs_remove_forone(j, cg); | |
479 | return false; | |
480 | } | |
481 | } | |
482 | ||
483 | return true; | |
484 | } | |
485 | ||
df54106a SH |
486 | static bool write_int(char *path, int v) |
487 | { | |
488 | FILE *f = fopen(path, "w"); | |
489 | if (!f) | |
490 | return false; | |
491 | fprintf(f, "%d\n", v); | |
492 | fclose(f); | |
493 | return true; | |
494 | } | |
495 | ||
496 | static bool do_enter(struct controller *c, const char *cg) | |
497 | { | |
498 | char *path; | |
499 | bool pass; | |
500 | ||
501 | while (c) { | |
502 | if (!c->mount_path || !c->init_path) | |
503 | continue; | |
504 | path = must_strcat(c->mount_path, c->init_path, cg, "/cgroup.procs", NULL); | |
505 | if (!exists(path)) { | |
506 | free(path); | |
507 | path = must_strcat(c->mount_path, c->init_path, cg, "/tasks", NULL); | |
508 | } | |
509 | #if DEBUG | |
510 | fprintf(stderr, "Attempting to enter %s:%s using %s\n", c->name, cg, path); | |
511 | #endif | |
512 | pass = write_int(path, (int)getpid()); | |
513 | free(path); | |
514 | if (pass) /* only have to enter one of the comounts */ | |
515 | return true; | |
516 | #if DEBUG | |
517 | if (!pass) | |
518 | fprintf(stderr, "Failed to enter %s:%s\n", c->name, cg); | |
519 | #endif | |
520 | c = c->next; | |
521 | } | |
522 | ||
523 | return false; | |
524 | } | |
525 | ||
526 | static bool cgfs_enter(const char *cg) | |
527 | { | |
528 | int i; | |
529 | ||
530 | for (i = 0; i < MAXCONTROLLERS; i++) { | |
531 | struct controller *c = controllers[i]; | |
532 | ||
533 | if (!c) | |
534 | continue; | |
535 | ||
536 | if (!do_enter(c, cg)) | |
537 | return false; | |
538 | } | |
539 | ||
540 | return true; | |
541 | } | |
542 | ||
543 | static void cgfs_escape(void) | |
544 | { | |
545 | if (!cgfs_enter("/")) { | |
546 | mysyslog(LOG_WARNING, "Failed to escape to init's cgroup\n"); | |
547 | } | |
548 | } | |
549 | ||
550 | static bool get_uid_gid(const char *user, uid_t *uid, gid_t *gid) | |
551 | { | |
552 | struct passwd *pwent; | |
553 | ||
554 | pwent = getpwnam(user); | |
555 | if (!pwent) | |
556 | return false; | |
557 | *uid = pwent->pw_uid; | |
558 | *gid = pwent->pw_gid; | |
559 | ||
560 | return true; | |
561 | } | |
562 | ||
563 | #define DIRNAMSZ 200 | |
564 | static int handle_login(const char *user) | |
565 | { | |
566 | int idx = 0, ret; | |
567 | bool existed; | |
568 | uid_t uid = 0; | |
569 | gid_t gid = 0; | |
570 | char cg[MAXPATHLEN]; | |
571 | ||
572 | if (!get_uid_gid(user, &uid, &gid)) { | |
573 | mysyslog(LOG_ERR, "Failed to get uid and gid for %s\n", user); | |
574 | return PAM_SESSION_ERR; | |
575 | } | |
576 | ||
577 | cgfs_escape(); | |
578 | ||
579 | while (idx >= 0) { | |
580 | ret = snprintf(cg, MAXPATHLEN, "/user/%s/%d", user, idx); | |
581 | if (ret < 0 || ret >= MAXPATHLEN) { | |
582 | mysyslog(LOG_ERR, "username too long\n"); | |
583 | return PAM_SESSION_ERR; | |
584 | } | |
585 | ||
79ab1116 | 586 | if (!cgfs_create(cg, uid, gid, &existed)) { |
df54106a SH |
587 | mysyslog(LOG_ERR, "Failed to create a cgroup for user %s\n", user); |
588 | return PAM_SESSION_ERR; | |
589 | } | |
590 | ||
591 | if (existed == 1) { | |
592 | idx++; | |
593 | continue; | |
594 | } | |
595 | ||
df54106a SH |
596 | if (!cgfs_enter(cg)) { |
597 | mysyslog(LOG_ERR, "Failed to enter user cgroup %s for user %s\n", cg, user); | |
598 | return PAM_SESSION_ERR; | |
599 | } | |
600 | break; | |
601 | } | |
602 | ||
603 | return PAM_SUCCESS; | |
604 | } | |
605 | ||
606 | int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, | |
607 | const char **argv) | |
608 | { | |
609 | const char *PAM_user = NULL; | |
610 | int ret; | |
611 | ||
612 | if (!get_active_controllers()) { | |
613 | mysyslog(LOG_ERR, "Failed to get list of controllers\n"); | |
614 | return PAM_SESSION_ERR; | |
615 | } | |
616 | ||
617 | if (argc > 1 && strcmp(argv[0], "-c") == 0) | |
618 | filter_controllers(argv[1]); | |
619 | ||
620 | ret = pam_get_user(pamh, &PAM_user, NULL); | |
621 | if (ret != PAM_SUCCESS) { | |
622 | mysyslog(LOG_ERR, "PAM-CGFS: couldn't get user\n"); | |
623 | return PAM_SESSION_ERR; | |
624 | } | |
625 | ||
626 | ret = handle_login(PAM_user); | |
627 | return ret; | |
628 | } | |
629 | ||
630 | static void prune_empty_cgroups(struct controller *c, const char *user) | |
631 | { | |
632 | while (c) { | |
633 | if (!c->mount_path || !c->init_path) | |
634 | goto next; | |
635 | char *path = must_strcat(c->mount_path, c->init_path, "user/", user, NULL); | |
636 | #if DEBUG | |
637 | fprintf(stderr, "Pruning %s\n", path); | |
638 | #endif | |
639 | recursive_rmdir(path); | |
640 | next: | |
641 | c = c->next; | |
642 | } | |
643 | } | |
644 | ||
645 | /* | |
646 | * Since we can't rely on kernel's autoremove, remove stale cgroups | |
647 | * any time the user logs out. | |
648 | */ | |
649 | static void prune_user_cgs(const char *user) | |
650 | { | |
651 | int i; | |
652 | ||
653 | for (i = 0; i < MAXCONTROLLERS; i++) | |
654 | prune_empty_cgroups(controllers[i], user); | |
655 | } | |
656 | ||
657 | int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, | |
658 | const char **argv) | |
659 | { | |
660 | const char *PAM_user = NULL; | |
661 | int ret = pam_get_user(pamh, &PAM_user, NULL); | |
662 | ||
663 | if (ret != PAM_SUCCESS) { | |
664 | mysyslog(LOG_ERR, "PAM-CGFS: couldn't get user\n"); | |
665 | return PAM_SESSION_ERR; | |
666 | } | |
667 | ||
668 | if (!initialized) { | |
669 | get_active_controllers(); | |
670 | if (argc > 1 && strcmp(argv[0], "-c") == 0) | |
671 | filter_controllers(argv[1]); | |
672 | } | |
673 | ||
674 | prune_user_cgs(PAM_user); | |
675 | return PAM_SUCCESS; | |
676 | } |